(Geneva, Switzerland, September 2014)

Presentation transcript:

ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)
ICT Regulator Role on National Security and Critical Infrastructure Protection
Suliman A. Alsamhan, Electronic Evidence Supervisor, Communication and Information Technology Commission (CITC) - Saudi Arabia
ssamhan@citc.gov.sa

Communication and Information Technology Commission (CITC) Role
- Communication and Information Technology Commission (CITC) recognized information security as one of its main responsibilities
- Increasing the information security awareness level in the Kingdom of Saudi Arabia

Communication and Information Technology Commission (CITC) Role
- Establishing National Computer Emergency Response Team (CERT-SA)
- Enforcing security and privacy requirements on licensed operators
- Contribution to the development of cybercrime law

National Computer Emergency Response Team (CERT-SA)
- To increase the information security awareness level
- To coordinate national effort towards promoting IT Security best practices and creating trust among cyber community
- To help managing information security attacks and incidents
- To be the reference point in information security for the Cyber Community
- To build Saudi talent and human capacity in the field of information security
- To provide a trusted environment for e-transactions
- To foster trust, cooperation and collaboration among our constituents and the general cyber community in the Kingdom

Presentation Outline
This presentation will focus on the following security programs:
- National Information Security policies and procedures development framework for government agencies
- Critical infrastructure protection program
- National Threat Management program

National Information Security Policies and Procedures
- CITC has developed an information security policies and procedures development framework for government agencies
- Assist the Government Agencies in Saudi Arabia in development of their customized information security policies and procedures in a quick and effective manner
- The framework can also be used by other public and private sector organizations

National Information Security Policies and Procedures
- Government agencies must implement security policies and procedures to ensure Confidentiality, Integrity, and Availability of information
- The framework allows agencies to develop their own policies internally to fit their needs rather than a one-size-fits-all methodology

National Information Security Policies and Procedures
- Multiple information security international standards are considered during the preparation of the framework.
- The framework is prepared to comply with Saudi laws as listed below:
  - eTransaction Law
  - eCrimes Law

National Information Security Policies and Procedures
The framework also assists in:
- Planning and developing information security policies and procedures
- Selecting appropriate information security department placement option
- Implementing the developed information security policies and procedures

National Information Security Policies and Procedures
Key components that will be used in rolling out the Government Agencies’ policies and procedures:
- Repository of Common Policies
- Repository of System Specific Policies
- Repository of Common Procedures
- Information Security Department Placement Options
- Sample Awareness Plan
- Information Security Audit Process

National Information Security Policies and Procedures
- The framework contains a web-based portal to help government agencies produce policies, procedures and other components of a security program.
- CITC organizes a one-day workshop to explain the framework and the usage of supporting tools to government agencies

Critical infrastructure protection program
Why?
- Increase in the number of DDoS attacks in the past two years
- Increase in the traffic volume that is used to attack government and private agencies
- Increase of dependency on eServices such as e-government and e-banking services
- Potential financial loss and impact on the markets

Critical infrastructure protection program
- The goal is to develop a program to protect critical infrastructure systems and networks from Distributed Denial of Service (DDoS) attacks
- Enhance cooperation and coordination between data service providers, internet service providers and critical infrastructure owners
- Implement DDoS protection centers and solutions

Critical infrastructure protection program
Program plan
- Identify critical infrastructure owners in Saudi Arabia
- Identify defense strategy
- Identify constituents and their roles
- Developing protection policies and procedures including escalation procedures
- Periodic tests (response efficiency)

Critical infrastructure protection program
DDoS traffic passes through:
- ISP
- DSP

Critical infrastructure protection program
Defense Strategy

Critical infrastructure protection program
Defense Strategy
- Monitoring Teams (minimizing detection time)
- Establishing Scrubbing Centres
- Up-Stream internet provider agreements
- Rerouting traffic
- Filtering out or limiting internet protocols

Critical infrastructure protection program
Defense Strategy
- Effective cooperation, communication and coordination between constituents
- Continuous evaluation and testing

Threat Management Program
The program is designed to mitigate several threats:
- Malware infection: Billions of systems are infected with malware around the world
- Critical vulnerabilities: Many internet systems are vulnerable and can be used to launch attacks
- Compromised web site: Do you know if your web site is compromised?

Threat Management Program
Malware infection, easy!!
Source: Mandiant Threat Report 2013

Threat Management Program
CITC/CERT-SA developed the Threat Management System (TMS):
- Utilizing the information produced by the security community around the world to identify threats related to Saudi IP addresses
- Using the Google search API to detect compromised web sites (e.g. keywords)
- Alerting registered constituents about the threats and remediation steps
- Producing statistics about threats in Saudi Arabia

Threat Management Program
Threat Management System (TMS):
- Government and private agencies must provide full contact information and IP address information to CITC/CERT-SA
- The system parses received reports automatically and generates alerts to government and private agencies
- The alert contains instructions for threat remediation
- The system is developed internally as a web-based system

Threat Management Program
Threat Management System (TMS):

Threat information report
- Infection type
- Source & destination IP
- Protocol
- Port
- Time stamp
- Geographical location

Types of threats
- Viruses
- Denial of Service attack (DoS)
- SPAM URL source
- Botnet Command & Control
- Infected or suspicious URL
- Open recursive DNS
- Compromised web sites

Threat Management Program
[Diagram: TMS workflow. Labels: Information Sources, Mail Account, Fetch, Process, Normalize, Correlate, Match, Data Base, Analysis, Result, Alerting]
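
The TMS steps described on the slides above (parse a received report, normalize it, match reported addresses against the IP ranges constituents registered, alert the owner with remediation instructions) can be sketched as follows. This is an added example, not CITC/CERT-SA code: the CSV layout, registry, remediation text and all addresses are constructed assumptions, and matching is done on the source IP only.

```python
import csv, io, ipaddress
from datetime import datetime, timezone

# Constructed registry (documentation address ranges): constituent -> contact + IP ranges.
CONSTITUENTS = {
    "agency-a": {"contact": "soc@agency-a.example", "ranges": ["192.0.2.0/25"]},
    "bank-b": {"contact": "cert@bank-b.example", "ranges": ["198.51.100.0/24", "2001:db8:10::/48"]},
}
# Constructed remediation text keyed by threat type (placeholder wording).
REMEDIATION = {"botnet_cc": "Isolate the host and block the C&C address.",
               "open_recursive_dns": "Restrict recursion to internal clients."}
# Constructed feed report using the fields listed on the slide.
SAMPLE_REPORT = """infection_type,src_ip,dst_ip,protocol,port,timestamp
botnet_cc,192.0.2.17,203.0.113.5,TCP,6667,2014-09-15T08:30:00Z
open_recursive_dns,198.51.100.53,,udp,53,2014-09-15T09:00:00Z
spam,203.0.113.80,198.51.100.9,tcp,25,2014-09-15T09:05:00Z
virus,not-an-ip,,tcp,445,2014-09-15T09:10:00Z
botnet_cc,2001:db8:10::1,203.0.113.5,tcp,443,1410772200
"""

def normalize(row):
    """Return a record with typed, lower-cased fields, or None if the row is unusable."""
    try:
        ts = row["timestamp"].strip()
        when = (datetime.fromtimestamp(int(ts), timezone.utc) if ts.isdigit()
                else datetime.fromisoformat(ts.replace("Z", "+00:00")))
        return {"type": row["infection_type"].strip().lower(),
                "ip": ipaddress.ip_address(row["src_ip"].strip()),
                "protocol": row["protocol"].strip().lower(),
                "port": int(row["port"]), "time": when.astimezone(timezone.utc)}
    except (ValueError, KeyError):
        return None

def match(ip, constituents):
    """Longest-prefix match of a reported IP against the registered ranges."""
    hits = [(net.prefixlen, name) for name, c in constituents.items()
            for net in map(ipaddress.ip_network, c["ranges"])
            if net.version == ip.version and ip in net]
    return max(hits)[1] if hits else None

def generate_alerts(report_text, constituents=CONSTITUENTS):
    alerts = []
    for row in csv.DictReader(io.StringIO(report_text)):
        rec = normalize(row)
        owner = match(rec["ip"], constituents) if rec else None
        if owner:  # rows with no registered owner produce no alert
            alerts.append({"to": constituents[owner]["contact"], **rec,
                           "remediation": REMEDIATION.get(rec["type"], "See CERT guidance.")})
    return alerts
```

Rows whose source address is malformed or falls outside every registered range are dropped rather than alerted, which is why complete IP registration by constituents matters for coverage.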

Conclusions and Recommendations
- Today’s cyber threats and risks show a strong need for an international organization to set internet policies and regulations in an enhanced cooperation fashion, where governments get together, agree on and implement an international public policy to counter cyber threats
- ICT Regulators can play a major role in boosting information security at the national level
- Organizations need help to address information security issues
- Coordination, cooperation, and communication are key to success in mitigating national information security threats
- Awareness is the foundation for information security